[AVM Module Issue]: Missing 'networkAccessPolicy' Parameter for Disks in Virtual Machine Module

[paulschermers]

Check for previous/existing GitHub issues

• [X] I have checked for previous/existing GitHub issues

Issue Type?

Feature Request

Module Name

avm/res/compute/virtual-machine

(Optional) Module Version

No response

Description

We are unable to set the networkAccessPolicy parameter for osDisk and dataDisk(s) because this parameter is currently missing.

By default, the osDisk and dataDisk are deployed with the networkAccessPolicy set to 'AllowAll', whereas the AVM module avm/res/compute/disk defaults this parameter to 'DenyAll'.

We would like to configure the networkAccessPolicy for disks when deploying a virtual machine. Ideally, we would prefer to deploy the disks using the AVM module for 'disk'.

Suggestion 1: Add separate modules for osDisk and dataDisk within the virtual machine module, and reference them in the VirtualMachine configuration, like this:

osDisk: {
  managedDisk: {
    id: vm_osDisk.resourceId
  }
}

Suggestion 2: Add a networkAccessPolicy parameter to both the diskType(s) of the virtual machine module, like this:

osDisk: {
  networkAccessPolicy: networkAccessPolicy
}

I'm not sure if suggestion 1 is possible, therefor these are suggestions. :-)

(Optional) Correlation Id

No response

[microsoft-github-policy-service[bot]]

[!IMPORTANT] The "Needs: Triage :mag:" label must be removed once the triage process is complete!

[!TIP] For additional guidance on how to triage this issue/PR, see the BRM Issue Triage documentation.

[avm-team-linter[bot]]

@paulschermers, thanks for submitting this issue for the avm/res/compute/virtual-machine module!

[!IMPORTANT] A member of the @Azure/avm-res-compute-virtualmachine-module-owners-bicep or @Azure/avm-res-compute-virtualmachine-module-contributors-bicep team will review it soon!

[rahalan]

@paulschermers thanks, will look into it